System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints

Abstract

A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.

Description

[0001]RELATED APPLICATION[0002]The present application is a Continuation in Part of U.S. patent application Ser. No. 14 / 844,844 filed Sep. 3, 2015 and entitled A SYSTEM AND A METHOD FOR IDENTIFYING THE PRESENCE OF MALWARE USING MINI-TRAPS SET AT NETWORK ENDPOINTS, which in turn gains priority from U.S. Provisional Patent Application No. 62 / 046,319 filed Sep. 5, 2014 and entitled A METHOD FOR IDENTIFYING THE PRESENCE OF MALWARE BY SETTING MINI-TRAPS IN NETWORK ENDPOINTS. Both applications are incorporated herein by reference as if fully set forth herein.FIELD AND BACKGROUND OF THE INVENTION[0003]The invention, in some embodiments, relates to the field of computer threats, and more specifically to methods and systems for identifying the presence of advanced persistent threats in a network and for trapping the threats.[0004]Advanced persistent threats, such as computer viruses, computer worms, Trojan horses, and other malware, particularly when infecting endpoints in an organization's ...

AI Technical Summary

Benefits of technology

[0010]The invention, in some embodiments, relates to the field of computer threats, and more specifically to methods and systems for identifying the presence of ransomware in a network and for trapping the threat.

Problems solved by technology

Advanced persistent threats, such as computer viruses, computer worms, Trojan horses, and other malware, particularly when infecting endpoints in an organization's network, are some of the most crucial security problems for many organizations.

Current security mechanisms are generally unable to cope with, and to prevent, infectious attacks, and as a result attackers, such as hackers, crackers, and cyber-terrorists, are able to insert malware into the networks of such organizations.

However, malware signatures are changed, added and mutated constantly, and signature analysis tools typically cannot keep up with the changing malware signatures, and therefore this method is far from failsafe.

However, this method requires collecting all the traffic to and from the organization, collecting data from assets inside the organization and the computational analysis methods used to implement this technique often trigger false positives and / or suffer from false negatives.

However, sandboxing often greatly slows down the flow of traffic in the network, due to the need to check every incoming piece of suspicious code.

Additionally, malware developers have found multiple different methods for circumventing or bypassing sandboxing technologies, thereby reducing the effectiveness of this technology.

However, these methods are not perfect because they make assumptions about the application which may be incorrect, because there are methods for the ransomware to evade these solutions, and / or because the solution introduces another agent on the endpoint.

Images